An internal investigation by Alberta Health Services (AHS) revealed 3,224 patients had their electronic health records accessed improperly over a two-year period at Red Deer Regional Hospital Centre (RDRHC) by two clerical employees in the Diagnostic Imaging (DI) department.
The AHS investigation concluded that one DI employee had improperly accessed the patient information of 3,147 individuals between Oct. 2018 and Oct. 2020 and a co-worker improperly accessed the patient information of 77 individuals.
The majority of the patient health records accessed were of RDRHC emergency patients, coworkers and family members, and consisted of personal demographic information and clinical records.
The access incidents did not impact patient care or the accuracy of patient records.
Both individuals involved are no longer employed by AHS.
AHS has reported the breach to Alberta Health and the Office of the Information and Privacy Commissioner of Alberta (OIPC).
“AHS takes the privacy and confidentiality of patient information seriously, and non-work related access to patient records is a clear breach of confidentiality and a direct violation of privacy and information security policies,” said Janice Stewart, Chief Zone Officer with AHS Central Zone. “We understand that patients trust AHS to appropriately access and safeguard their health and personal information.
“AHS remains fully committed to ensuring safeguards are in place to build this trust by preventing inappropriate access, use or disclosure of patient information.”
Notifications to affected RDRHC patients were mailed by AHS on April 12, 2021, in accordance with the Health Information Act.
Only those individuals who receive letters were subject to this privacy breach.